The stack overflow ones look the most promising to me. Overflows are usually what allow exploits in the first place.

Best part is, there's no way to fix it since it's a Lua bug, not a TI one and we've got a nice list to use, for 3.1,3.2,etc

Sure, I guess, but then they're not using the same Lua, and hopefully they break their periodic table

Kofler is not the first person to think of the bugs listed on the Lua bug page

* the first bug involves precompiled code - but third-party Lua TNS documents are plain text, so we can't feed malformed precompiled code into TI's stripped interpreter through that means;
* the second bug involves making C call a Lua function, if the description is correct, and I'm not sure how we could do that (functions of the Lua interpreter calling back into our Lua functions ?);

* bugs 3 to 9 have patches - but executing the testcases (thanks AdRiWeB) for bugs 3 and 9 shows that the Lua is an unpatched version, i.e. TI has made the blunder of not patching 5.1.4

Bug 8 is unreachable, given that TI's stripped-down Lua doesn't contain the "io" functions, according to Hackspire.
Bug 3, 5, 6 and 9 don't show any potential for exploitation.
That leaves bugs 4 (memory corruption, which is often hard to exploit reliably) and 7.

Well, I found something yesterday that might help. I managed get a buffer overflow, and for replace parts of memory (actually, fill it with my data). I think it would be possible to get code execution through this, but I'm not sure.

Sure 
I just don't want to be hasty, saying I found something when its not special at all 

That's a pretty cool find Jim! Hopefully it'll lead to something more.

That's pretty cool.  Nice job, Jim!